Hello everyone, It seems that a long-lasting bug in openssl was fixed recently, what makes wpa_supplicant unable to decode PEM-encrypted TLS keys. More details in discussion on github https://github.com/openssl/openssl/issues/3594 . I don't want to describe bug from scratch here so I'll reuse discussion on GH, will just paste links that points to the clue. The issue is described with details by me on github: - https://github.com/openssl/openssl/issues/3594#issuecomment-305485782 The answer from openssl developer: - https://github.com/openssl/openssl/issues/3594#issuecomment-305493300 The bug was initially submitted at Arch Linux bugtracker: https://bugs.archlinux.org/task/54233 , tl;dr it manifests itself as errors on key-decryption phase: > mai 29 13:28:23 mypc wpa_supplicant[3208]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag > mai 29 13:28:23 mypc wpa_supplicant[3208]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error > mai 29 13:28:23 mypc wpa_supplicant[3208]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0) > mai 29 13:28:23 mypc wpa_supplicant[3208]: TLS: Failed to load private key '/home/me/.certs/some_key.pem' > mai 29 13:28:23 mypc wpa_supplicant[3208]: TLS: Failed to set TLS connection parameters I guess that I can just leave you the decision how to handle that. Let me know if you need more details, I'm happy to help. lsiudut _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
